How to use roles in SonataAdminBundle
Try to create roles with ROLE_<service.name>_<RIGHT>
where
<service.name>
is UPPER-CASE-ed and DOT-REPLACED-BY-UNDERSCORE version of your sonata admin service names<RIGHT>
is one of (reference):CREATE
DELETE
EDIT
LIST
VIEW
EXPORT
OPERATOR
MASTER
Example
The following is a snippet from my security.yml:
role_hierarchy: ROLE_MANAGER: - ROLE_USER - ROLE_SONATA_STUFF # have no effect on the UI - ROLE_SONATA_ADMIN # with this role you have a nice navbar with search box # user - ROLE_SONATA_ADMIN_USER_LIST - ROLE_SONATA_ADMIN_USER_VIEW # product - ROLE_SONATA_ADMIN_PRODUCT_LIST - ROLE_SONATA_ADMIN_PRODUCT_VIEW - ROLE_SONATA_ADMIN_PRODUCT_EDIT # product category - ROLE_SONATA_ADMIN_PRODUCT_CATEGORY_LIST - ROLE_SONATA_ADMIN_PRODUCT_CATEGORY_VIEW ROLE_ADMIN: - ROLE_SONATA_ADMIN # with this role you have a nice navbar with search box # user - ROLE_SONATA_ADMIN_USER_CREATE - ROLE_SONATA_ADMIN_USER_DELETE - ROLE_SONATA_ADMIN_USER_EDIT - ROLE_SONATA_ADMIN_USER_LIST - ROLE_SONATA_ADMIN_USER_VIEW - ROLE_SONATA_ADMIN_USER_EXPORT - ROLE_SONATA_ADMIN_USER_OPERATOR - ROLE_SONATA_ADMIN_USER_MASTER # product - ROLE_SONATA_ADMIN_PRODUCT_CREATE - ROLE_SONATA_ADMIN_PRODUCT_DELETE - ROLE_SONATA_ADMIN_PRODUCT_EDIT - ROLE_SONATA_ADMIN_PRODUCT_LIST - ROLE_SONATA_ADMIN_PRODUCT_VIEW - ROLE_SONATA_ADMIN_PRODUCT_EXPORT - ROLE_SONATA_ADMIN_PRODUCT_OPERATOR - ROLE_SONATA_ADMIN_PRODUCT_MASTER # product category - ROLE_SONATA_ADMIN_PRODUCT_CATEGORY_CREATE - ROLE_SONATA_ADMIN_PRODUCT_CATEGORY_DELETE - ROLE_SONATA_ADMIN_PRODUCT_CATEGORY_EDIT - ROLE_SONATA_ADMIN_PRODUCT_CATEGORY_LIST - ROLE_SONATA_ADMIN_PRODUCT_CATEGORY_VIEW - ROLE_SONATA_ADMIN_PRODUCT_CATEGORY_EXPORT - ROLE_SONATA_ADMIN_PRODUCT_CATEGORY_OPERATOR - ROLE_SONATA_ADMIN_PRODUCT_CATEGORY_MASTER # purchase - ROLE_SONATA_ADMIN_PURCHASE_CREATE - ROLE_SONATA_ADMIN_PURCHASE_DELETE - ROLE_SONATA_ADMIN_PURCHASE_EDIT - ROLE_SONATA_ADMIN_PURCHASE_LIST - ROLE_SONATA_ADMIN_PURCHASE_VIEW - ROLE_SONATA_ADMIN_PURCHASE_EXPORT - ROLE_SONATA_ADMIN_PURCHASE_OPERATOR - ROLE_SONATA_ADMIN_PURCHASE_MASTER # payment - ROLE_SONATA_ADMIN_PAYMENT_CREATE - ROLE_SONATA_ADMIN_PAYMENT_DELETE - ROLE_SONATA_ADMIN_PAYMENT_EDIT - ROLE_SONATA_ADMIN_PAYMENT_LIST - ROLE_SONATA_ADMIN_PAYMENT_VIEW - ROLE_SONATA_ADMIN_PAYMENT_EXPORT - ROLE_SONATA_ADMIN_PAYMENT_OPERATOR - ROLE_SONATA_ADMIN_PAYMENT_MASTER # notification: email template - ROLE_SONATA_ADMIN_NOTIFICATION_EMAIL_TEMPLATE_CREATE - ROLE_SONATA_ADMIN_NOTIFICATION_EMAIL_TEMPLATE_DELETE - ROLE_SONATA_ADMIN_NOTIFICATION_EMAIL_TEMPLATE_EDIT - ROLE_SONATA_ADMIN_NOTIFICATION_EMAIL_TEMPLATE_LIST - ROLE_SONATA_ADMIN_NOTIFICATION_EMAIL_TEMPLATE_VIEW - ROLE_SONATA_ADMIN_NOTIFICATION_EMAIL_TEMPLATE_EXPORT - ROLE_SONATA_ADMIN_NOTIFICATION_EMAIL_TEMPLATE_OPERATOR - ROLE_SONATA_ADMIN_NOTIFICATION_EMAIL_TEMPLATE_MASTER ROLE_SUPER_ADMIN: - ROLE_ADMIN - ROLE_ALLOWED_TO_SWITCHaccess_control: - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY } - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY } - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY } - { path: ^/admin/, role: ROLE_SONATA_ADMIN }
The following is a snippet from my @AdminBundle/Resources/config/service.yml (only service names are relevant here):
sonata.admin.user: class: Acme\AdminBundle\Admin\UserAdmin tags: - { name: sonata.admin, manager_type: orm, group: "User", label: "User" } arguments: - ~ - Acme\UserBundle\Entity\User - ~ calls: - [ setTranslationDomain, [AcmeAdminBundle]]sonata.admin.product: class: Acme\AdminBundle\Admin\ProductAdmin tags: - { name: sonata.admin, manager_type: orm, group: "Store", label: "Product" } arguments: - ~ - Acme\StoreBundle\Entity\Product - ~ calls: - [ setTranslationDomain, [AcmeAdminBundle]]sonata.admin.product_category: class: Acme\AdminBundle\Admin\ProductCategoryAdmin tags: - { name: sonata.admin, manager_type: orm, group: "Store", label: "Category" } arguments: - ~ - Acme\StoreBundle\Entity\ProductCategory - ~ calls: - [ setTranslationDomain, [AcmeAdminBundle]]sonata.admin.purchase: class: Acme\AdminBundle\Admin\PurchaseAdmin tags: - { name: sonata.admin, manager_type: orm, group: "Store", label: "Purchase" } arguments: - ~ - Acme\StoreBundle\Entity\Purchase - ~ calls: - [ setTranslationDomain, [AcmeAdminBundle]]sonata.admin.payment: class: Acme\AdminBundle\Admin\PaymentAdmin tags: - { name: sonata.admin, manager_type: orm, group: "Payment", label: "Payment" } arguments: - ~ - Acme\PaymentBundle\Entity\Payment - ~ calls: - [ setTranslationDomain, [AcmeAdminBundle]]sonata.admin.notification.email_template: class: Acme\AdminBundle\Admin\Notification\EmailTemplateAdmin tags: - { name: sonata.admin, manager_type: orm, group: "Notification", label: "Email Template" } arguments: - ~ - Acme\NotificationBundle\Entity\EmailTemplate - ~ calls: - [ setTranslationDomain, [AcmeAdminBundle]]